For once, Facebook isn’t the culprit. Another popular social media site with more than 300 million users is the one issuing a mea culpa.
Twitter has announced that account holders’ phone numbers and email addresses were obtained by its advertising partners in order to sell targeted ads to users. Twitter claims it was an accident and stated the company does not give out any personal data.
So how did these advertisers get Twitter users’ phone numbers and email addresses, and how many people were affected? To avoid a Facebook-like stigma, Twitter is acting fast.
Twitter users’ security information given to advertisers
Unlike Facebook, which waits for a problem to be discovered by the public before acknowledging it, Twitter has stepped in to discuss the targeted ad scandal before users find out from other sources.
Twitter uses the email address or phone number provided by a user for safety and security purposes, such as two-factor authentication. In a statement, Twitter said that data “may have inadvertently been used for advertising purposes.”
And who exactly got their paws on the data? Advertisers using Twitter’s Tailored Audiences and Partner Audiences advertising system.
Related: If you use Twitter, clever trolls are spreading
If you haven’t heard of these two programs, you’re not alone. According to Twitter, Tailored Audiences is a version of an industry-standard product that allows advertisers to target ads to customers based on marketing lists the advertisers themselves have compiled.
With Partner Audiences, advertisers can use the same Tailored Audiences features to target ads through data compiled by a third party.
Twitter speculated that when an advertiser uploaded their marketing lists, the social media site may have matched people on Twitter to the lists based on the email or phone number the account holder provided.
“This was an error and we apologize,” Twitter’s statement added.
Twitter goes for transparency
Twitter stated that it couldn’t say for sure how many people were affected by the data exposure, but wanted to disclose the issue “in an effort to be transparent.” The company insisted that no personal data was shared with its advertising partners or any other third parties.
As of September 17, Twitter said it had addressed the issue and is no longer placing users’ phone numbers and email addresses on marketing lists uploaded by advertisers.
This latest Twitter stumble is small potatoes compared to the major hacking problem the company had in September. Hackers were able to take control of accounts, including that of Twitter CEO Jack Dorsey.
The hack was possible because Twitter links your account to your phone number. If a hacker steals your phone number, they can call your mobile carrier to switch the number from your SIM card to one belonging to the hacker.
After resetting your Twitter password, the hacker can then send a tweet from your account by simply texting to 40404. In response to the hack, Twitter suspended the ability to send tweets via text message worldwide — except in countries that depend on the text service to access the site.